[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] [idle speculation] Combining bridge partioning and limiting directory trust?

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] [idle speculation] Combining bridge partioning and limiting directory trust?
From: Watson Ladd <watsonbladd@xxxxxxxxx>
Date: Thu, 3 Nov 2011 20:14:24 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 03 Nov 2011 21:14:39 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=Xrpw0urtPRzhSDfSVOmmMycCPRRQE2aLWc+fMeQa4fA=; b=XmUKSMajwQdCoFmtLVYfEgItVSR5V4hsrCQ7QleLWldx1IBPWAvnFhvqXSDhGe01a6 SZaClrG2ZyFV5j5825enSEERwwNMDcIOuwSnUA/7Mnt8sySYVVekxK3N0mBDfj0PtJO3 UQTwJIqWz2OBEUUJwmfSgbhFG0PJzNdIDcaVo=
In-reply-to: <CACsn0ckphbM6Woe+iRSW-imBgt4p9TFuJnXMT+EdvjMwyFOT+w@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for discussion by the developers of Tor." <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CACsn0ckphbM6Woe+iRSW-imBgt4p9TFuJnXMT+EdvjMwyFOT+w@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx

Dear all,
I read arma's blog entry calling for someone to see if limiting
zig-zag attacks would harm anonymity. Well, I don't have an answer,
but I did notice that we could increase the number of bridge
authorities by having each bridge authority take a distinct subset of
bridges to hand out, and then implementing a honest forwarder that
forwards an email asking for bridges to a bridge authority based on
some hash function of the requesting gmail address. Compromising an
authority results in those bridges being cut off, but only a subset of
users are affected. This also prevents zig-zag attacks: there are no
clients who see bridges in two distinct authorities mandate.
Unfortunately this only works if bridges are careful not to be listed
by multiple authorities.
Sincerely,
Watson Ladd



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neitherÂ Liberty nor Safety."
-- Benjamin Franklin
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Prev by Author: [tor-dev] patch to torspec that seperates out the crypto.
Next by Author: [tor-dev] The consequences of key compromise (or the reasons for changing)
Previous by thread: Re: [tor-dev] patch to torspec that seperates out the crypto.
Next by thread: [tor-dev] The consequences of key compromise (or the reasons for changing)
Index(es):
- Author
- Thread